PyPI - cartography - Versions diffs - 0.84.0__py3-none-any.whl → 0.85.1__py3-none-any.whl - Mend

cartography 0.84.0py3-none-any.whl → 0.85.1py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of cartography might be problematic. Click here for more details.

Files changed (33) hide show

cartography/intel/aws/eks.py CHANGED Viewed

@@ -6,8 +6,10 @@ from typing import List
 import boto3
 import neo4j
+from cartography.client.core.tx import load
+from cartography.graph.job import GraphJob
+from cartography.models.aws.eks.clusters import EKSClusterSchema
 from cartography.util import aws_handle_regions
-from cartography.util import run_cleanup_job
 from cartography.util import timeit
 logger = logging.getLogger(__name__)
@@ -15,9 +17,9 @@ logger = logging.getLogger(__name__)
 @timeit
 @aws_handle_regions
-def get_eks_clusters(boto3_session: boto3.session.Session, region: str) -> List[Dict]:
+def get_eks_clusters(boto3_session: boto3.session.Session, region: str) -> List[str]:
     client = boto3_session.client('eks', region_name=region)
-    clusters: List[Dict] = []
+    clusters: List[str] = []
     paginator = client.get_paginator('list_clusters')
     for page in paginator.paginate():
         clusters.extend(page['clusters'])
@@ -33,49 +35,20 @@ def get_eks_describe_cluster(boto3_session: boto3.session.Session, region: str,
 @timeit
 def load_eks_clusters(
-    neo4j_session: neo4j.Session, cluster_data: Dict, region: str, current_aws_account_id: str,
-    aws_update_tag: int,
+        neo4j_session: neo4j.Session,
+        cluster_data: List[Dict[str, Any]],
+        region: str,
+        current_aws_account_id: str,
+        aws_update_tag: int,
 ) -> None:
-    query: str = """
-    MERGE (cluster:EKSCluster{id: $ClusterArn})
-    ON CREATE SET cluster.firstseen = timestamp(),
-                cluster.arn = $ClusterArn,
-                cluster.name = $ClusterName,
-                cluster.region = $Region,
-                cluster.created_at = $CreatedAt
-    SET cluster.lastupdated = $aws_update_tag,
-        cluster.endpoint = $ClusterEndpoint,
-        cluster.endpoint_public_access = $ClusterEndointPublic,
-        cluster.rolearn = $ClusterRoleArn,
-        cluster.version = $ClusterVersion,
-        cluster.platform_version = $ClusterPlatformVersion,
-        cluster.status = $ClusterStatus,
-        cluster.audit_logging = $ClusterLogging
-    WITH cluster
-    MATCH (owner:AWSAccount{id: $AWS_ACCOUNT_ID})
-    MERGE (owner)-[r:RESOURCE]->(cluster)
-    ON CREATE SET r.firstseen = timestamp()
-    SET r.lastupdated = $aws_update_tag
-    """
-    for cd in cluster_data:
-        cluster = cluster_data[cd]
-        neo4j_session.run(
-            query,
-            ClusterArn=cluster['arn'],
-            ClusterName=cluster['name'],
-            ClusterEndpoint=cluster.get('endpoint'),
-            ClusterEndointPublic=cluster.get('resourcesVpcConfig', {}).get('endpointPublicAccess'),
-            ClusterRoleArn=cluster.get('roleArn'),
-            ClusterVersion=cluster.get('version'),
-            ClusterPlatformVersion=cluster.get('platformVersion'),
-            ClusterStatus=cluster.get('status'),
-            CreatedAt=str(cluster.get('createdAt')),
-            ClusterLogging=_process_logging(cluster),
-            Region=region,
-            aws_update_tag=aws_update_tag,
-            AWS_ACCOUNT_ID=current_aws_account_id,
-        )
+    load(
+        neo4j_session,
+        EKSClusterSchema(),
+        cluster_data,
+        Region=region,
+        AWS_ID=current_aws_account_id,
+        lastupdated=aws_update_tag,
+    )
 def _process_logging(cluster: Dict) -> bool:
@@ -91,24 +64,43 @@ def _process_logging(cluster: Dict) -> bool:
 @timeit
-def cleanup(neo4j_session: neo4j.Session, common_job_parameters: Dict) -> None:
-    run_cleanup_job('aws_import_eks_cleanup.json', neo4j_session, common_job_parameters)
+def cleanup(neo4j_session: neo4j.Session, common_job_parameters: Dict[str, Any]) -> None:
+    logger.info("Running EKS cluster cleanup")
+    GraphJob.from_node_schema(EKSClusterSchema(), common_job_parameters).run(neo4j_session)
+def transform(cluster_data: Dict[str, Any]) -> List[Dict[str, Any]]:
+    transformed_list = []
+    for cluster_name, cluster_dict in cluster_data.items():
+        transformed_dict = cluster_dict.copy()
+        transformed_dict['ClusterLogging'] = _process_logging(transformed_dict)
+        transformed_dict['ClusterEndpointPublic'] = transformed_dict.get('resourcesVpcConfig', {}).get(
+            'endpointPublicAccess',
+        )
+        if 'createdAt' in transformed_dict:
+            transformed_dict['created_at'] = str(transformed_dict['createdAt'])
+        transformed_list.append(transformed_dict)
+    return transformed_list
 @timeit
 def sync(
-    neo4j_session: neo4j.Session, boto3_session: boto3.session.Session, regions: List[str], current_aws_account_id: str,
-    update_tag: int, common_job_parameters: Dict,
+        neo4j_session: neo4j.Session,
+        boto3_session: boto3.session.Session,
+        regions: List[str],
+        current_aws_account_id: str,
+        update_tag: int,
+        common_job_parameters: Dict[str, Any],
 ) -> None:
     for region in regions:
         logger.info("Syncing EKS for region '%s' in account '%s'.", region, current_aws_account_id)
-        clusters: List[Dict] = get_eks_clusters(boto3_session, region)
-        cluster_data: Dict = {}
+        clusters: List[str] = get_eks_clusters(boto3_session, region)
+        cluster_data = {}
         for cluster_name in clusters:
-            cluster_data[cluster_name] = get_eks_describe_cluster(boto3_session, region, cluster_name)  # type: ignore
+            cluster_data[cluster_name] = get_eks_describe_cluster(boto3_session, region, cluster_name)
+        transformed_list = transform(cluster_data)
-        load_eks_clusters(neo4j_session, cluster_data, region, current_aws_account_id, update_tag)
+        load_eks_clusters(neo4j_session, transformed_list, region, current_aws_account_id, update_tag)
     cleanup(neo4j_session, common_job_parameters)

cartography/intel/aws/inspector.py CHANGED Viewed

@@ -7,10 +7,12 @@ from typing import Tuple
 import boto3
 import neo4j
+from cartography.client.core.tx import load
+from cartography.graph.job import GraphJob
+from cartography.models.aws.inspector.findings import AWSInspectorFindingSchema
+from cartography.models.aws.inspector.packages import AWSInspectorPackageSchema
 from cartography.util import aws_handle_regions
 from cartography.util import aws_paginate
-from cartography.util import batch
-from cartography.util import run_cleanup_job
 from cartography.util import timeit
@@ -20,17 +22,17 @@ logger = logging.getLogger(__name__)
 @timeit
 @aws_handle_regions
 def get_inspector_findings(
-    session: boto3.session.Session,
-    region: str,
-    current_aws_account_id: str,
-) -> List[Dict]:
-    '''
+        session: boto3.session.Session,
+        region: str,
+        current_aws_account_id: str,
+) -> List[Dict[str, Any]]:
+    """
     We must list_findings by filtering the request, otherwise the request could tiemout.
     First, we filter by account_id. And since there may be millions of CLOSED findings that may never go away,
     we will only fetch those in ACTIVE or SUPPRESSED statuses.
     list_members will get us all the accounts that
     have delegated access to the account specified by current_aws_account_id.
-    '''
+    """
     client = session.client('inspector2', region_name=region)
     members = aws_paginate(client, 'list_members', 'members')
@@ -61,7 +63,7 @@ def get_inspector_findings(
     return findings
-def transform_inspector_findings(results: List[Dict]) -> Tuple[List, List]:
+def transform_inspector_findings(results: List[Dict[str, Any]]) -> Tuple[List[Dict[str, Any]], List[Dict[str, Any]]]:
     findings_list: List[Dict] = []
     packages: Dict[str, Any] = {}
@@ -110,7 +112,7 @@ def transform_inspector_findings(results: List[Dict]) -> Tuple[List, List]:
     return findings_list, packages_list
-def transform_inspector_packages(packages: Dict[str, Any]) -> List[Dict]:
+def transform_inspector_packages(packages: Dict[str, Any]) -> List[Dict[str, Any]]:
     packages_list: List[Dict] = []
     for package_id in packages.keys():
         packages_list.append(packages[package_id])
@@ -146,153 +148,53 @@ def _process_packages(package_details: Dict[str, Any], aws_account_id: str, find
     return packages
-def _port_range_string(details: Dict) -> str:
+def _port_range_string(details: Dict[str, Any]) -> str:
     begin = details['openPortRange']['begin']
     end = details['openPortRange']['end']
     return f"{begin}-{end}"
-def _load_findings_tx(
-    tx: neo4j.Transaction,
-    findings: List[Dict],
-    region: str,
-    aws_update_tag: int,
-) -> None:
-    query = """
-    UNWIND $Findings as new_finding
-        MERGE (finding:AWSInspectorFinding{id: new_finding.id})
-        ON CREATE SET finding.firstseen = timestamp(),
-            finding.arn = new_finding.arn,
-            finding.region = $Region,
-            finding.awsaccount = new_finding.awsaccount
-        SET finding.lastupdated = $UpdateTag,
-            finding.name = new_finding.title,
-            finding.instanceid = new_finding.instanceid,
-            finding.ecrimageid = new_finding.ecrimageid,
-            finding.ecrrepositoryid = new_finding.ecrrepositoryid,
-            finding.severity = new_finding.severity,
-            finding.firstobservedat = new_finding.firstobservedat,
-            finding.updatedat = new_finding.updatedat,
-            finding.description = new_finding.description,
-            finding.type = new_finding.type,
-            finding.cvssscore = new_finding.cvssscore,
-            finding.protocol = new_finding.protocol,
-            finding.portrange = new_finding.portrange,
-            finding.portrangebegin = new_finding.portrangebegin,
-            finding.portrangeend = new_finding.portrangeend,
-            finding.vulnerabilityid = new_finding.vulnerabilityid,
-            finding.referenceurls = new_finding.referenceurls,
-            finding.relatedvulnerabilities = new_finding.relatedvulnerabilities,
-            finding.source = new_finding.source,
-            finding.sourceurl = new_finding.sourceurl,
-            finding.status = new_finding.status,
-            finding.vendorcreatedat = new_finding.vendorcreatedat,
-            finding.vendorseverity = new_finding.vendorseverity,
-            finding.vendorupdatedat = new_finding.vendorupdatedat,
-            finding.vulnerablepackageids = new_finding.vulnerablepackageids,
-            finding:Risk
-        WITH finding
-        MATCH (account:AWSAccount{id: finding.awsaccount})
-        MERGE (account)-[r:RESOURCE]->(finding)
-        ON CREATE SET r.firstseen = timestamp()
-        SET r.lastupdated = $UpdateTag
-        WITH finding
-        MATCH (instance:EC2Instance{id: finding.instanceid})
-        MERGE (instance)<-[r2:AFFECTS]-(finding)
-        ON CREATE SET r2.firstseen = timestamp()
-        SET r2.lastupdated = $UpdateTag
-        WITH finding
-        MATCH (repo:ECRRepository{id: finding.ecrrepositoryid})
-        MERGE (repo)<-[r3:AFFECTS]-(finding)
-        ON CREATE SET r3.firstseen = timestamp()
-        SET r3.lastupdated = $UpdateTag
-        WITH finding
-        MATCH (image:ECRImage{id: finding.ecrimageid})
-        MERGE (image)<-[r4:AFFECTS]-(finding)
-        ON CREATE SET r4.firstseen = timestamp()
-        SET r4.lastupdated = $UpdateTag
-    """
-    tx.run(
-        query,
-        Findings=findings,
-        UpdateTag=aws_update_tag,
-        Region=region,
-    )
 @timeit
 def load_inspector_findings(
-    neo4j_session: neo4j.Session, findings: List[Dict], region: str,
-    aws_update_tag: int,
+        neo4j_session: neo4j.Session,
+        findings: List[Dict[str, Any]],
+        region: str,
+        aws_update_tag: int,
+        current_aws_account_id: str,
 ) -> None:
-    for i, findings_batch in enumerate(batch(findings), start=1):
-        logger.info(f'Loading batch number {i}')
-        neo4j_session.write_transaction(
-            _load_findings_tx,
-            findings=findings_batch,
-            region=region,
-            aws_update_tag=aws_update_tag,
-        )
-def _load_packages_tx(
-    tx: neo4j.Transaction,
-    packages: List[Dict],
-    region: str,
-    aws_update_tag: int,
-) -> None:
-    query = """
-    UNWIND $Packages as new_package
-        MERGE (package:AWSInspectorPackage{id: new_package.id})
-        ON CREATE SET package.firstseen = timestamp(),
-            package.region = $Region,
-            package.awsaccount = new_package.awsaccount,
-            package.findingarn = new_package.findingarn
-        SET package.lastupdated = $UpdateTag,
-            package.name = new_package.name,
-            package.arch = new_package.arch,
-            package.version = new_package.version,
-            package.release = new_package.release,
-            package.epoch = new_package.epoch,
-            package.manager = new_package.packageManager,
-            package.filepath = new_package.filePath,
-            package.fixedinversion = new_package.fixedInVersion,
-            package.sourcelayerhash = new_package.sourceLayerHash
-        WITH package
-        MATCH (finding:AWSInspectorFinding{id: package.findingarn})
-        MERGE (finding)-[r:HAS]->(package)
-        WITH package
-        MATCH (account:AWSAccount{id: package.awsaccount})
-        MERGE (account)-[r:RESOURCE]->(package)
-        ON CREATE SET r.firstseen = timestamp()
-        SET r.lastupdated = $UpdateTag
-    """
-    tx.run(
-        query,
-        Packages=packages,
-        UpdateTag=aws_update_tag,
+    load(
+        neo4j_session,
+        AWSInspectorFindingSchema(),
+        findings,
         Region=region,
+        AWS_ID=current_aws_account_id,
+        lastupdated=aws_update_tag,
     )
 @timeit
 def load_inspector_packages(
-    neo4j_session: neo4j.Session, packages: List[Dict], region: str,
-    aws_update_tag: int,
+        neo4j_session: neo4j.Session,
+        packages: List[Dict[str, Any]],
+        region: str,
+        aws_update_tag: int,
+        current_aws_account_id: str,
 ) -> None:
-    neo4j_session.write_transaction(
-        _load_packages_tx,
-        packages=packages,
-        region=region,
-        aws_update_tag=aws_update_tag,
+    load(
+        neo4j_session,
+        AWSInspectorPackageSchema(),
+        packages,
+        Region=region,
+        AWS_ID=current_aws_account_id,
+        lastupdated=aws_update_tag,
     )
 @timeit
-def cleanup(neo4j_session: neo4j.Session, common_job_parameters: Dict) -> None:
-    run_cleanup_job('aws_import_inspector_cleanup.json', neo4j_session, common_job_parameters)
+def cleanup(neo4j_session: neo4j.Session, common_job_parameters: Dict[str, Any]) -> None:
+    logger.info("Running AWS Inspector cleanup")
+    GraphJob.from_node_schema(AWSInspectorFindingSchema(), common_job_parameters).run(neo4j_session)
+    GraphJob.from_node_schema(AWSInspectorPackageSchema(), common_job_parameters).run(neo4j_session)
 @timeit
@@ -302,14 +204,14 @@ def sync(
     regions: List[str],
     current_aws_account_id: str,
     update_tag: int,
-    common_job_parameters: Dict,
+    common_job_parameters: Dict[str, Any],
 ) -> None:
     for region in regions:
         logger.info(f"Syncing AWS Inspector findings for account {current_aws_account_id} and region {region}")
         findings = get_inspector_findings(boto3_session, region, current_aws_account_id)
         finding_data, package_data = transform_inspector_findings(findings)
-        logger.info(f"Loading {len(package_data)} packages")
-        load_inspector_packages(neo4j_session, package_data, region, update_tag)
         logger.info(f"Loading {len(finding_data)} findings")
-        load_inspector_findings(neo4j_session, finding_data, region, update_tag)
+        load_inspector_findings(neo4j_session, finding_data, region, update_tag, current_aws_account_id)
+        logger.info(f"Loading {len(package_data)} packages")
+        load_inspector_packages(neo4j_session, package_data, region, update_tag, current_aws_account_id)
         cleanup(neo4j_session, common_job_parameters)

cartography/intel/aws/s3.py CHANGED Viewed

@@ -222,7 +222,12 @@ def _is_common_exception(e: Exception, bucket: Dict) -> bool:
 @timeit
-def _load_s3_acls(neo4j_session: neo4j.Session, acls: Dict, aws_account_id: str, update_tag: int) -> None:
+def _load_s3_acls(
+        neo4j_session: neo4j.Session,
+        acls: List[Dict[str, Any]],
+        aws_account_id: str,
+        update_tag: int,
+) -> None:
     """
     Ingest S3 ACL into neo4j.
     """

cartography/models/aws/ec2/loadbalancerv2.py ADDED Viewed

File without changes

cartography/models/aws/ec2/networkinterface_instance.py ADDED Viewed

@@ -0,0 +1,109 @@
+from dataclasses import dataclass
+from cartography.models.core.common import PropertyRef
+from cartography.models.core.nodes import CartographyNodeProperties
+from cartography.models.core.nodes import CartographyNodeSchema
+from cartography.models.core.relationships import CartographyRelProperties
+from cartography.models.core.relationships import CartographyRelSchema
+from cartography.models.core.relationships import LinkDirection
+from cartography.models.core.relationships import make_target_node_matcher
+from cartography.models.core.relationships import OtherRelationships
+from cartography.models.core.relationships import TargetNodeMatcher
+@dataclass(frozen=True)
+class EC2NetworkInterfaceInstanceNodeProperties(CartographyNodeProperties):
+    """
+    Selection of properties of a network interface as known by an EC2 instance
+    """
+    # arn: PropertyRef = PropertyRef('Arn', extra_index=True) TODO use arn; issue #1024
+    id: PropertyRef = PropertyRef('NetworkInterfaceId')
+    status: PropertyRef = PropertyRef('Status')
+    mac_address: PropertyRef = PropertyRef('MacAddress', extra_index=True)
+    description: PropertyRef = PropertyRef('Description')
+    private_dns_name: PropertyRef = PropertyRef('PrivateDnsName', extra_index=True)
+    private_ip_address: PropertyRef = PropertyRef('PrivateIpAddress', extra_index=True)
+    region: PropertyRef = PropertyRef('Region', set_in_kwargs=True)
+    lastupdated: PropertyRef = PropertyRef('lastupdated', set_in_kwargs=True)
+@dataclass(frozen=True)
+class EC2NetworkInterfaceToAwsAccountRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef('lastupdated', set_in_kwargs=True)
+@dataclass(frozen=True)
+class EC2NetworkInterfaceToAWSAccount(CartographyRelSchema):
+    target_node_label: str = 'AWSAccount'
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {'id': PropertyRef('AWS_ID', set_in_kwargs=True)},
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "RESOURCE"
+    properties: EC2NetworkInterfaceToAwsAccountRelProperties = EC2NetworkInterfaceToAwsAccountRelProperties()
+@dataclass(frozen=True)
+class EC2NetworkInterfaceToEC2InstanceRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef('lastupdated', set_in_kwargs=True)
+@dataclass(frozen=True)
+class EC2NetworkInterfaceToEC2Instance(CartographyRelSchema):
+    target_node_label: str = 'EC2Instance'
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {'id': PropertyRef('InstanceId')},
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "NETWORK_INTERFACE"
+    properties: EC2NetworkInterfaceToEC2InstanceRelProperties = EC2NetworkInterfaceToEC2InstanceRelProperties()
+@dataclass(frozen=True)
+class EC2NetworkInterfaceToEC2SubnetRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef('lastupdated', set_in_kwargs=True)
+@dataclass(frozen=True)
+class EC2NetworkInterfaceToEC2Subnet(CartographyRelSchema):
+    target_node_label: str = 'EC2Subnet'
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {'id': PropertyRef('SubnetId')},
+    )
+    direction: LinkDirection = LinkDirection.OUTWARD
+    rel_label: str = "PART_OF_SUBNET"
+    properties: EC2NetworkInterfaceToEC2SubnetRelProperties = EC2NetworkInterfaceToEC2SubnetRelProperties()
+@dataclass(frozen=True)
+class EC2NetworkInterfaceToEC2SecurityGroupRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef('lastupdated', set_in_kwargs=True)
+@dataclass(frozen=True)
+class EC2NetworkInterfaceToEC2SecurityGroup(CartographyRelSchema):
+    target_node_label: str = 'EC2SecurityGroup'
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {'id': PropertyRef('GroupId')},
+    )
+    direction: LinkDirection = LinkDirection.OUTWARD
+    rel_label: str = "MEMBER_OF_EC2_SECURITY_GROUP"
+    properties: EC2NetworkInterfaceToEC2SecurityGroupRelProperties = \
+        EC2NetworkInterfaceToEC2SecurityGroupRelProperties()
+@dataclass(frozen=True)
+class EC2NetworkInterfaceInstanceSchema(CartographyNodeSchema):
+    """
+    Network interface as known by an EC2 instance
+    """
+    label: str = 'NetworkInterface'
+    properties: EC2NetworkInterfaceInstanceNodeProperties = EC2NetworkInterfaceInstanceNodeProperties()
+    sub_resource_relationship: EC2NetworkInterfaceToAWSAccount = EC2NetworkInterfaceToAWSAccount()
+    other_relationships: OtherRelationships = OtherRelationships(
+        [
+            EC2NetworkInterfaceToEC2Instance(),
+            EC2NetworkInterfaceToEC2Subnet(),
+            EC2NetworkInterfaceToEC2SecurityGroup(),
+        ],
+    )

cartography/models/aws/ec2/networkinterfaces.py CHANGED Viewed

@@ -1,5 +1,9 @@
 from dataclasses import dataclass
+from cartography.models.aws.ec2.networkinterface_instance import EC2NetworkInterfaceToAWSAccount
+from cartography.models.aws.ec2.networkinterface_instance import EC2NetworkInterfaceToEC2Instance
+from cartography.models.aws.ec2.networkinterface_instance import EC2NetworkInterfaceToEC2SecurityGroup
+from cartography.models.aws.ec2.networkinterface_instance import EC2NetworkInterfaceToEC2Subnet
 from cartography.models.core.common import PropertyRef
 from cartography.models.core.nodes import CartographyNodeProperties
 from cartography.models.core.nodes import CartographyNodeSchema
@@ -13,90 +17,73 @@ from cartography.models.core.relationships import TargetNodeMatcher
 @dataclass(frozen=True)
 class EC2NetworkInterfaceNodeProperties(CartographyNodeProperties):
-    # arn: PropertyRef = PropertyRef('Arn', extra_index=True) TODO decide this
+    """
+    Network interface properties
+    """
     id: PropertyRef = PropertyRef('NetworkInterfaceId')
-    status: PropertyRef = PropertyRef('Status')
-    mac_address: PropertyRef = PropertyRef('MacAddress')
+    lastupdated: PropertyRef = PropertyRef('lastupdated', set_in_kwargs=True)
     description: PropertyRef = PropertyRef('Description')
+    mac_address: PropertyRef = PropertyRef('MacAddress', extra_index=True)
     private_dns_name: PropertyRef = PropertyRef('PrivateDnsName')
-    private_ip_address: PropertyRef = PropertyRef('PrivateIpAddress')
+    private_ip_address: PropertyRef = PropertyRef('PrivateIpAddress', extra_index=True)
     region: PropertyRef = PropertyRef('Region', set_in_kwargs=True)
-    lastupdated: PropertyRef = PropertyRef('lastupdated', set_in_kwargs=True)
-@dataclass(frozen=True)
-class EC2NetworkInterfaceToAwsAccountRelProperties(CartographyRelProperties):
-    lastupdated: PropertyRef = PropertyRef('lastupdated', set_in_kwargs=True)
+    status: PropertyRef = PropertyRef('Status')
-@dataclass(frozen=True)
-class EC2NetworkInterfaceToAWSAccount(CartographyRelSchema):
-    target_node_label: str = 'AWSAccount'
-    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
-        {'id': PropertyRef('AWS_ID', set_in_kwargs=True)},
-    )
-    direction: LinkDirection = LinkDirection.INWARD
-    rel_label: str = "RESOURCE"
-    properties: EC2NetworkInterfaceToAwsAccountRelProperties = EC2NetworkInterfaceToAwsAccountRelProperties()
+    # Properties only returned by describe-network-interfaces
+    interface_type: PropertyRef = PropertyRef('InterfaceType')
+    public_ip: PropertyRef = PropertyRef('PublicIp', extra_index=True)
+    requester_id: PropertyRef = PropertyRef('RequesterId', extra_index=True)
+    requester_managed: PropertyRef = PropertyRef('RequesterManaged')
+    source_dest_check: PropertyRef = PropertyRef('SourceDestCheck')
+    subnetid: PropertyRef = PropertyRef('SubnetId', extra_index=True)
 @dataclass(frozen=True)
-class EC2NetworkInterfaceToEC2InstanceRelProperties(CartographyRelProperties):
+class EC2NetworkInterfaceToElbRelProperties(CartographyRelProperties):
     lastupdated: PropertyRef = PropertyRef('lastupdated', set_in_kwargs=True)
 @dataclass(frozen=True)
-class EC2NetworkInterfaceToEC2Instance(CartographyRelSchema):
-    target_node_label: str = 'EC2Instance'
+class EC2NetworkInterfaceToElb(CartographyRelSchema):
+    target_node_label: str = 'LoadBalancer'
     target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
-        {'id': PropertyRef('InstanceId')},
+        {'name': PropertyRef('ElbV1Id')},
     )
     direction: LinkDirection = LinkDirection.INWARD
     rel_label: str = "NETWORK_INTERFACE"
-    properties: EC2NetworkInterfaceToEC2InstanceRelProperties = EC2NetworkInterfaceToEC2InstanceRelProperties()
+    properties: EC2NetworkInterfaceToElbRelProperties = EC2NetworkInterfaceToElbRelProperties()
 @dataclass(frozen=True)
-class EC2NetworkInterfaceToEC2SubnetRelProperties(CartographyRelProperties):
+class EC2NetworkInterfaceToElbV2RelProperties(CartographyRelProperties):
     lastupdated: PropertyRef = PropertyRef('lastupdated', set_in_kwargs=True)
 @dataclass(frozen=True)
-class EC2NetworkInterfaceToEC2Subnet(CartographyRelSchema):
-    target_node_label: str = 'EC2Subnet'
+class EC2NetworkInterfaceToElbV2(CartographyRelSchema):
+    target_node_label: str = 'LoadBalancerV2'
     target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
-        {'id': PropertyRef('SubnetId')},
+        {'id': PropertyRef('ElbV2Id')},
     )
-    direction: LinkDirection = LinkDirection.OUTWARD
-    rel_label: str = "PART_OF_SUBNET"
-    properties: EC2NetworkInterfaceToEC2SubnetRelProperties = EC2NetworkInterfaceToEC2SubnetRelProperties()
-@dataclass(frozen=True)
-class EC2NetworkInterfaceToEC2SecurityGroupRelProperties(CartographyRelProperties):
-    lastupdated: PropertyRef = PropertyRef('lastupdated', set_in_kwargs=True)
-@dataclass(frozen=True)
-class EC2NetworkInterfaceToEC2SecurityGroup(CartographyRelSchema):
-    target_node_label: str = 'EC2SecurityGroup'
-    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
-        {'id': PropertyRef('GroupId')},
-    )
-    direction: LinkDirection = LinkDirection.OUTWARD
-    rel_label: str = "MEMBER_OF_EC2_SECURITY_GROUP"
-    properties: EC2NetworkInterfaceToEC2SubnetRelProperties = EC2NetworkInterfaceToEC2SubnetRelProperties()
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "NETWORK_INTERFACE"
+    properties: EC2NetworkInterfaceToElbV2RelProperties = EC2NetworkInterfaceToElbV2RelProperties()
 @dataclass(frozen=True)
 class EC2NetworkInterfaceSchema(CartographyNodeSchema):
+    """
+    Network interface as known by describe-network-interfaces.
+    """
     label: str = 'NetworkInterface'
     properties: EC2NetworkInterfaceNodeProperties = EC2NetworkInterfaceNodeProperties()
     sub_resource_relationship: EC2NetworkInterfaceToAWSAccount = EC2NetworkInterfaceToAWSAccount()
     other_relationships: OtherRelationships = OtherRelationships(
         [
-            EC2NetworkInterfaceToEC2Instance(),
             EC2NetworkInterfaceToEC2Subnet(),
             EC2NetworkInterfaceToEC2SecurityGroup(),
+            EC2NetworkInterfaceToElb(),
+            EC2NetworkInterfaceToElbV2(),
+            EC2NetworkInterfaceToEC2Instance(),
         ],
     )

cartography 0.84.0__py3-none-any.whl → 0.85.1__py3-none-any.whl

Potentially problematic release.

cartography 0.84.0py3-none-any.whl → 0.85.1py3-none-any.whl